This South Asian e-commerce business leader, like many e-commerce companies, had been under continuous attack. Global threat actors large and small had attempted to compromise the company’s operations, divert funds and shipments of goods, and exfiltrate proprietary corporate and customer information. The actors used passwords acquired during the breach of a business associate’s device to compromise the account holders of this e-commerce leader. This incident raised concern in the industry and brought to the fore the importance of increasing the resiliency of a company’s DNS cyber defenses.
The goals of the DNS security acquisition included additional control over access management, the ability to identify and stop DNS tunneling attacks, deeper insight into user activity, more threat intelligence data and safer accommodation for work from home. During the ongoing pandemic, work-from-home requirements have been very important. This company chose to enhance technology and cyber security by making significant investments in improving defenses and reducing vulnerabilities. The protection of critical DNS assets became a core part of the company’s cyber defense strategy. This e-commerce leader has a complex technology and network environment, which required API-level integration with the chosen DNS solution.
This environment includes:
- Endpoint Security (XDR)
- Integrated Ticket Management System
- Data Loss Prevention (DLP)
- Cloud Access Security Broker (CASB)
- Identity Access Management (IAM)
- Threat Intelligence Tools and Feeds
- Next-Generation Firewall (NGFW)
- Virtual Private Network (VPN)
- Microsoft Office 365, Azure
- Internet Monitoring
Important DNS security use cases had to be addressed. These included malware detection and protection, data exfiltration, user visibility and look-alike domains.
The company selected, acquired and installed Infoblox BloxOne Threat Defense because it provided the enhanced visibility needed to detect and prevent DNS-based data exfiltration and to address the other critical use cases. BloxOne Threat Defense is part of an expanded cyber security strategy for advanced threat intelligence and prevention of DNS-based data exfiltration.
DNS servers normally use port 53 to listen for queries from DNS clients. Infoblox’s team connected to the client’s network and demonstrated data exfiltration through port 53, showing how a threat actor could easily acquire documents and other information.
This e-commerce leader looked to the future expansion of its IT operations and felt that Infoblox’s support for Chrome OS and Linux was essential to its operations in India. Infoblox also provided a path to cloud-based DDI services that can be integrated with the DNS security platform. The e-commerce leader can now globally leverage the full set of BloxOne foundational security capabilities for expanded protection, both on-premises and within the cloud.
(Source: Infoblox.com)